Humans may engage in human-to-computer dialogs with interactive software applications referred to herein as “automated assistants” (also referred to as “chatbots,” “interactive personal assistants,” “intelligent personal assistants,” “personal voice assistants,” “conversational agents,” etc.). For example, humans (which when they interact with automated assistants may be referred to as “users”) may provide commands, queries, and/or requests (collectively referred to herein as “queries”) using free form natural language input which may be vocal utterances converted into text and then processed, and/or by typed free form natural language input.
In many cases, logical instances of automated assistants may be implemented across multiple computing devices. For example, a logical instance of an automated assistant may include an automated assistant client installed on a user's mobile phone and one or more cloud-based automated assistant components. The automated assistant client may be configured to provide the user with an automated assistant interface that the user can operate to engage in a human-to-computer dialog with the automated assistant. However, much of the heavy lifting associated with the human-to-computer dialogs is often performed by the cloud-based automated assistant components, which are able to leverage the virtually limitless resources of the cloud to perform semantic processing of natural language queries.
Users may engage in human-to-computer dialogs with automated assistants for a variety of reasons, such as searching for information, performing tasks, etc. Sometimes when users interact with automated assistants, the users may seek information that is sensitive or private, or that depends on information that is sensitive or private. This potentially sensitive or private information may be stored on one or more computing devices operated by the user and/or on the cloud in association with a user profile of the user. While it is possible to grant cloud-based automated assistant components access to such user-controlled resources, doing so may potentially expose the private or sensitive information to third parties that the user would not wish to have access to the information. And in some scenarios, the user may not want even the cloud-based automated assistant components to have access to sensitive or private information. Moreover, cloud-based automated assistant components may not have access to some information that is stored, for instance, at resources (e.g., computing devices) that are within protected “security zones,” such as corporate networks that are behind one or more firewalls.